Specification and enforcement of classification and inference constraints

Although mandatory access control in database systems has been extensively studied in recent years, and several models and systems have been proposed, capabilities for enforcement of mandatory constraints remain limited. Lack of support for expressing and combating inference channels that improperly leak protected information remains a major limitation in today's multilevel systems. Moreover, the working assumption that data are classified at insertion time makes previous approaches inapplicable to the classification of existing, possibly historical, data repositories that need to be classified for release. Such a capability would be of great benefit to, and appears to be in demand by, governmental, public and private institutions. We address the problem of classifying existing data repositories by taking into consideration explicit data classification as well as association and inference constraints. Constraints are expressed in a unified, DBMS- and model-independent framework, making the approach widely applicable. We introduce the concept of minimal classification as a labeling of data elements that, while satisfying the constraints, ensures that no data element is classified at a level higher than necessary. We also describe a technique and present an algorithm for generating data classifications that are both minimal and preferred according to certain criteria. Our approach is based on preprocessing, or compiling, constraints to produce a set of simple classification assignments that can then be efficiently applied to classify any database instance.
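To make "minimal classification" concrete, the following added example (not code from the paper) enumerates every labeling of a small constructed schema and keeps those that satisfy the constraints and cannot be lowered anywhere. The level names, attributes, the constraint encoding (highest label on the left-hand side must dominate the right-hand side) and the brute-force search are assumptions for illustration; the paper's own algorithm compiles constraints instead of enumerating.

```python
from itertools import product

LEVELS = ["U", "C", "S", "TS"]               # constructed total order, low to high
ATTRS = ["name", "salary", "dept", "rank"]   # constructed schema

# Assumed encoding: the highest label among `lhs` attributes must dominate
# `rhs`, which is either a fixed level or another attribute's label.
CONSTRAINTS = [
    ({"salary"}, "C"),           # explicit: salary is at least C
    ({"name", "salary"}, "S"),   # association: name+salary together are S
    ({"rank"}, "salary"),        # inference: rank reveals salary
]

def rank_of(x, labeling):
    """Numeric level of a fixed level name or of an attribute's label."""
    return LEVELS.index(x) if x in LEVELS else labeling[x]

def satisfies(labeling, constraints):
    return all(max(labeling[a] for a in lhs) >= rank_of(rhs, labeling)
               for lhs, rhs in constraints)

def minimal_classifications(attrs, constraints):
    """Return all satisfying labelings that no other satisfying labeling
    undercuts (pointwise lower-or-equal and different)."""
    candidates = (dict(zip(attrs, combo))
                  for combo in product(range(len(LEVELS)), repeat=len(attrs)))
    sat = [l for l in candidates if satisfies(l, constraints)]

    def below(a, b):
        return a != b and all(a[k] <= b[k] for k in attrs)

    minimal = [l for l in sat if not any(below(o, l) for o in sat)]
    return [{k: LEVELS[v] for k, v in l.items()} for l in minimal]

if __name__ == "__main__":
    for labeling in minimal_classifications(ATTRS, CONSTRAINTS):
        print(labeling)
```

The association constraint can be met by upgrading either `name` or `salary`, so two incomparable minimal classifications exist; this is why a preference criterion is needed to choose among them.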
